MITRE ATT&CK Fundamentals

Published by O'Reilly Media, Inc.

Content level: Beginner

How penetration testers, defenders, and blue or red teams can put the knowledge base to use +AI

MITRE ATT&CK is a globally accessible knowledge base of adversary tactics and techniques based on real-world observations. Penetration testers and red teams use it to plan and automate the known attack patterns and the tactics, techniques, and procedures (TTPs) of the top advanced persistent threat (APT) groups.

Join cybersecurity expert Dean Bushmiller to discover the 13 tactics and techniques most used by cybercriminals and learn how to do what they do so you can detect and prevent components of each attack in the enterprise. Understanding the progression of all APTs and using MITRE ATT&CK in your organization will give you the best chance of thwarting the worst of the bad guys.

What you’ll learn and how you can apply it

By the end of this live online course, you’ll understand:

  • MITRE ATT&CK indicators of compromise (IoC)
  • Why threat modeling matters to your organization
  • How to automate threat intelligence

And you’ll be able to:

  • Use MITRE ATT&CK to understand current attacker tactics, techniques, and procedures
  • Apply the general use cases of detections and analytics, threat intelligence, adversary emulation (red-teaming), and assessment and engineering

This live event is for you because...

  • You need a better understanding of advanced persistent threats.
  • You work with threats and controls on a daily basis.
  • You want a job in a security operations center.

Prerequisites

  • A computer with VirtualBox, Windows 2012, and Microsoft Sysmon installed and configured
  • Some familiarity with advanced persistent threats
  • Experience working with MITRE ATT&CK Navigator at least once

Recommended preparation:

  • Spend about one hour exploring the repository at github/deanbushmiller/ATTACK and setting up either an AWS cloud or a local virtual machine environment; this gives you the best chance of success in the labs
  • Explore MITRE ATT&CK (expert playlist)
  • Review and watch technical setup one day before start of class

Schedule

The time frames are only estimates and may vary according to how the class is progressing.

Getting Started (5 minutes)

  • Presentation: Course introduction
  • Hands-on exercises: Get to resources; start lab machines
  • Group discussion: Skills survey
  • Q&A

MITRE ATT&CK Intro (10 minutes)

  • Presentation: Choose your interface—website, attack-navigator, STIX/TAXII
  • Group discussion: What is your use case?
  • Q&A

Tactics—Part I (25 minutes)

  • Presentation: Visibility into reconnaissance; resource development; initial access; ATOMIC execution; persistence; privilege escalation
  • Hands-on exercises: Explore execution, persistence, and privilege escalation
  • Q&A
  • Break

Tactics—Part II (25 minutes)

  • Presentation: Defense evasion; credential access; discovery
  • Hands-on exercises: Perform defense evasion, credential access, discovery, lateral movement, collection, command and control, and exfiltration
  • Q&A

Prevention and mitigation (25 minutes)

  • Presentation: Long-term security engineering; the futility of patch whack-a-mole and why you need to get better at it; risk management/assessment; threat modeling
  • Q&A

Your Instructor

  • Dean Bushmiller

    Dean Bushmiller consults on cybersecurity, incident response, and penetration testing and is using AI to build and secure learning platforms. He’s been teaching cybersecurity since 1999, has over 1,000 hours of recorded cybersecurity training, and a lifetime instructor approval rating of over 90%. He has also achieved more than 36 major cybersecurity certifications and passed over 100 certification exams.

    Dean built the full library of NICE framework knowledge statements, which includes over 600 basic, intermediate, and advanced cybersecurity topics in an easy one-hour online format. Though he’s not a member of the military, he has had the honor to train the US military since 1999. In recognition for outstanding service in the information assurance field, he has received eight mission coins.

Skill covered

MITRE ATT&CK